This notification was originally sent as an email to all Typeform users. We have copied it here for reference.
On April 7, 2014 the OpenSSL project released information about a security vulnerability in OpenSSL, named Heartbleed. You can read more about it at:
Or watch a video explaining Heartbleed on YouTube:
What is Heartbleed?
In summary, Heartbleed is a vulnerability in the technology many sites on the internet use to keep your data safe as it moves between your computer and their website.
It affected two thirds of the websites we visit every day, including sites like Google, Yahoo, Amazon, Etsy, Tumblr, etc. Unfortunately, that includes Typeform because we use OpenSSL through our hosting provider Amazon.
How does this affect me?
We have no evidence that this vulnerability was used to attack Typeform and the data we store. We immediately took the required steps to patch this vulnerability and ensure your data is safe.
It is recommended that you change your password for online services such as banking or those mentioned above, as these may have been compromised before the exploit was made public.
You can change your Typeform password at https://admin.typeform.com/account.
If you’re looking for a tool to create secure passwords, we recommend 1Password or https://www.xkpasswd.net.
How has this been fixed in Typeform?
Just six hours after the Heartbleed OpenSSL vulnerability was announced to the public on Monday, Typeform was patched to no longer be vulnerable. We have also changed our SSL certificate, to ensure data security going forward.
If you have any questions about this exploit, please email us: email@example.com